[Cryptography] Great moments in Bitcoin security

Dave Horsfall dave at horsfall.org
Tue Jun 2 17:49:23 EDT 2015


Seen in SANS Vol 17 No 43:

   --Blockchain Updates Android App to Fix Flaws  

  (May 29 & June 1, 2015)

  Bitcoin wallet Blockchain has issued an update for its Android app to 
  address several issues that can cause users to send Bitcoins to the 
  incorrect address. The random number generator Blockchain uses recently 
  switched to HTTPS and began returning a "moved permanently" or 301 error 
  when apps requested a random number through HTTP, so instead of generating 
  a number, Blockchain used "301" to generate private keys no matter which 
  address users specified. 
  http://www.theregister.co.uk/2015/06/01/blockchain_app_shows_how_not_to_code/ 
  http://arstechnica.com/security/2015/05/crypto-flaws-in-blockchain-android-app-sent-bitcoins-to-the-wrong-address/

Oops...

-- 
Dave Horsfall DTM (VK2KFU)   "Those who don't understand security will suffer."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)
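
The failure described in the quoted SANS item, sketched from the defender's side as an added example; it is not part of the original post and is not the Blockchain app's code. It shows a client rejecting a redirect or error reply instead of using it as key material, and mixing any remote bytes with local CSPRNG output. The wire format (hex body with HTTP 200), `SEED_LEN`, the `seed-v1` label and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

SEED_LEN = 32  # bytes of remote entropy requested (assumed)

# Constructed sample replies as (status, body); not captured traffic.
REDIRECT = (301, b"<html><body>301 Moved Permanently</body></html>")
GOOD = (200, bytes(range(SEED_LEN)).hex().encode("ascii"))


class EntropyError(Exception):
    """The remote reply cannot be used as entropy."""


def parse_remote_entropy(status, body, want=SEED_LEN):
    """Return `want` raw bytes from a reply, or raise EntropyError.

    Assumed (hypothetical) wire format: HTTP 200 and a body of exactly
    2 * want hex characters.
    """
    if status != 200:
        raise EntropyError(f"unexpected HTTP status {status}")
    text = body.strip()
    if len(text) != 2 * want:
        raise EntropyError(f"expected {2 * want} hex chars, got {len(text)}")
    try:
        raw = bytes.fromhex(text.decode("ascii"))
    except (UnicodeDecodeError, ValueError) as exc:
        raise EntropyError("body is not hex") from exc
    if len(raw) != want:  # fromhex() skips embedded whitespace
        raise EntropyError("short entropy after decoding")
    return raw


def make_seed(reply=None, local=None):
    """Hash local CSPRNG bytes with remote bytes only if the reply validates.

    Returns (seed, used_remote). A rejected reply leaves a local-only seed.
    """
    local = secrets.token_bytes(SEED_LEN) if local is None else local
    h = hashlib.sha256(b"seed-v1" + local)
    used_remote = False
    if reply is not None:
        try:
            h.update(parse_remote_entropy(*reply))
            used_remote = True
        except EntropyError:
            pass  # an error page is never treated as randomness
    return h.digest(), used_remote
```

Because the local bytes are always hashed in, a remote source that fails or returns a constant cannot make two seeds collide.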

